oso-cloud 1.7.1 → 1.9.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/oso/api.rb +55 -28
- data/lib/oso/oso.rb +10 -7
- data/lib/oso/version.rb +1 -1
- metadata +6 -6
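--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '09a0acf3356e34f0288272f0bf655b9894da2dff0493e147213241d04e1f2abd'
+data.tar.gz: d0a7c5adc5c08f845cd22bca5f6cd40ec00a57ceab7c6e3a4ff9174e1582299f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ad73f20bdd9a4443d871c7a234ca616dbc64e05f157fa0f529535fbd13d45d8897eb437c15df79a4c3c7eb79a5fd257ce4b8a36d2c671d1ed2c0e939f967d662
+data.tar.gz: 57b85901e6aa9bc8c337d993b8f29c12b04eea2224c34156e48ef22a5a0389acc8476fd6f44b76caf80299f52b942e3614d8613623c80b488e93ffee9b46890a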
data/Gemfile.lock
CHANGED
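--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ architecture, check out the
 - To get up and running with Oso Cloud, try the
 [Quickstart guide](https://www.osohq.com/docs/get-started/quickstart).
 - For method-level documentation, see the
-[Ruby Client API documentation](https://www.osohq.com/docs/
+[Ruby Client API documentation](https://www.osohq.com/docs/app-integration/client-apis/ruby).
 - Full documentation is available at
 [osohq.com/docs](https://www.osohq.com/docs).
 - To learn about authorization best practices (not specific to Oso), read the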
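--- a/data/lib/oso/api.rb
+++ b/data/lib/oso/api.rb
@@ -80,10 +80,10 @@ module OsoCloud
 
 def initialize(metadata:)
 @metadata = if metadata.is_a? PolicyMetadata
-
-
-
-
+metadata
+else
+PolicyMetadata.new(**metadata)
+end
 end
 end
 
@@ -293,7 +293,7 @@ module OsoCloud
 faraday.response :raise_error
 faraday.response :json, parser_options: { symbolize_names: true }
 faraday.request :retry, {
-max: (options && options[:max_retries]) ||
+max: (options && options[:max_retries]) || 3,
 interval: 0.01,
 interval_randomness: 0.005,
 max_interval: 1,
@@ -301,7 +301,7 @@ module OsoCloud
 retry_statuses: [429, 500, 502, 503, 504],
 # This is the default set of methods plus POST.
 # ref: https://github.com/lostisland/faraday-retry#specify-which-methods-will-be-retried
-methods: %i[delete get head options post put]
+methods: %i[delete get head options post put]
 }
 
 if options && options[:test_adapter]
@@ -336,12 +336,23 @@ module OsoCloud
 @client_id = SecureRandom.uuid
 end
 
-def fallback_eligible(path)
-
-
-
-
-
+def fallback_eligible(path, method:)
+path_eligible = if method == 'get'
+['/facts', '/policy_metadata'].include?(path)
+elsif method == 'post'
+['/authorize',
+'/authorize_resources',
+'/list',
+'/actions',
+'/query',
+'/authorize_query',
+'/list_query',
+'/actions_query'].include?(path)
+else
+false
+end
+
+!@fallback_connection.nil? && path_eligible
 end
 
 def get_policy
@@ -496,13 +507,14 @@ module OsoCloud
 
 def GET(path, params)
 begin
-response = @connection.get("api#{path}")
+response = @connection.get("api#{path}") do |req|
 req.params = params unless params.nil?
 req.headers = headers
 end
 response.body
-rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
-
+rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+Faraday::SSLError => e
+raise e unless fallback_eligible(path, method: 'get')
 
 response = @fallback_connection.get("api#{path}") do |req|
 req.params = params unless params.nil?
@@ -515,6 +527,14 @@ module OsoCloud
 end
 
 def POST(path, params, body, isMutation)
+max_body_size = 10 * 1024 * 1024
+hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+json_str = JSON.generate(hash)
+body_size_bytes = json_str&.bytesize || 0
+if body_size_bytes > max_body_size
+raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+end
+
 begin
 response = @connection.post("api#{path}") do |req|
 req.params = params unless params.nil?
@@ -522,13 +542,12 @@ module OsoCloud
 req.headers = headers
 end
 
-if isMutation
-@last_offset = response.headers[:OsoOffset]
-end
+@last_offset = response.headers[:OsoOffset] if isMutation
 response.body
 # only attempt fallback on 5xx, and connection failure conditions
-rescue Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
-
+rescue Faraday::BadRequestError, Faraday::ServerError, Faraday::ConnectionFailed, Faraday::TimeoutError,
+Faraday::SSLError => e
+raise e unless fallback_eligible(path, method: 'post')
 
 response = @fallback_connection.post("api#{path}") do |req|
 req.params = params unless params.nil?
@@ -542,6 +561,14 @@ module OsoCloud
 end
 
 def DELETE(path, body)
+max_body_size = 10 * 1024 * 1024
+hash = OsoCloud::Helpers.to_hash(body) unless body.nil?
+json_str = JSON.generate(hash)
+body_size_bytes = json_str&.bytesize || 0
+if body_size_bytes > max_body_size
+raise ApiError.new(message: "Request payload too large (body_size_bytes: #{body_size_bytes}, max_body_size #{max_body_size})")
+end
+
 response = @connection.delete("api#{path}") do |req|
 req.headers = headers
 req.body = OsoCloud::Helpers.to_hash(body) unless body.nil?
@@ -554,16 +581,16 @@ module OsoCloud
 def handle_faraday_error(error)
 resp = error.response
 formatted_request_id = if resp.nil? || resp[:headers].nil? || resp[:headers]['X-Request-ID'].nil?
-
-
-
-
+''
+else
+' (Request ID: ' + resp[:headers]['X-Request-ID'] + ')'
+end
 
 err = if resp.nil? || resp[:body].nil? || resp[:body][:message].nil?
-
-
-
-
+error.message
+else
+resp[:body][:message]
+end
 raise ApiError.new(message: err + formatted_request_id)
 end
 end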
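Review bot: The rescue lists in `GET` and `POST` now include `Faraday::BadRequestError`, so an HTTP 400 from the primary endpoint is retried against `@fallback_connection` for eligible paths, yet the comment above the POST rescue still reads `# only attempt fallback on 5xx, and connection failure conditions`. A 400 usually means the request itself was rejected rather than that the service is unavailable, so for authorization calls the reason a fallback answer is acceptable in that case should be recorded next to the rescue. If the behaviour is intentional, update the comment to something like `# attempt fallback on 400, 5xx, connection, timeout and TLS failures` and add the same comment to `GET`, which has none. Both method bodies continue outside the visible hunks, so how the fallback response is handled afterwards cannot be checked here.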
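--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -8,7 +8,7 @@ require 'oso/helpers'
 
 ##
 # For more detailed documentation, see
-# https://www.osohq.com/docs/
+# https://www.osohq.com/docs/app-integration/client-apis/ruby
 module OsoCloud
 # Represents an object in your application, with a type and id.
 # Both "type" and "id" should be strings.
@@ -41,8 +41,9 @@ module OsoCloud
 # @param actor [OsoCloud::Value]
 # @param action [String]
 # @param resource [OsoCloud::Value]
+# @param context_facts [Array<fact>]
 # @return [String]
-def authorize_local(actor, action, resource)
+def authorize_local(actor, action, resource, context_facts = [])
 actor_typed_id = actor.to_api_value
 resource_typed_id = resource.to_api_value
 result = @api.post_authorize_query(
@@ -52,7 +53,7 @@ module OsoCloud
 action: action,
 resource_type: resource_typed_id.type,
 resource_id: resource_typed_id.id,
-context_facts:
+context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
 )
 )
 result.sql
@@ -67,8 +68,9 @@ module OsoCloud
 # @param action [String]
 # @param resource_type [String]
 # @param column [String]
+# @param context_facts [Array<fact>]
 # @return [String]
-def list_local(actor, action, resource_type, column)
+def list_local(actor, action, resource_type, column, context_facts = [])
 actor_typed_id = actor.to_api_value
 result = @api.post_list_query(
 query: OsoCloud::Core::ListQuery.new(
@@ -76,7 +78,7 @@ module OsoCloud
 actor_id: actor_typed_id.id,
 action: action,
 resource_type: resource_type,
-context_facts:
+context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
 ),
 column: column
 )
@@ -90,8 +92,9 @@ module OsoCloud
 #
 # @param actor [OsoCloud::Value]
 # @param resource [OsoCloud::Value]
+# @param context_facts [Array<fact>]
 # @return [String]
-def actions_local(actor, resource)
+def actions_local(actor, resource, context_facts = [])
 actor_typed_id = actor.to_api_value
 resource_typed_id = resource.to_api_value
 result = @api.post_actions_query(
@@ -100,7 +103,7 @@ module OsoCloud
 actor_id: actor_typed_id.id,
 resource_type: resource_typed_id.type,
 resource_id: resource_typed_id.id,
-context_facts:
+context_facts: OsoCloud::Helpers.params_to_facts(context_facts)
 )
 )
 result.sql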
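Review bot: The new `context_facts` parameter on `authorize_local`, `list_local` and `actions_local` is documented only as `# @param context_facts [Array<fact>]`, which gives neither the expected element shape nor the fact that these values feed the authorization query behind the returned SQL. Because context facts are presumably treated as true for the duration of the query, a caller that builds them from unvalidated request input could widen what the generated filter allows. Suggest `# @param context_facts [Array<fact>] facts applied to this query only; derive them from trusted server-side state, not raw request input`, repeated on all three methods. The method bodies and `OsoCloud::Helpers.params_to_facts` are only partly visible here, so whether an explicit `nil` argument is accepted cannot be checked.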
data/lib/oso/version.rb
CHANGED
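--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.9.0
 platform: ruby
 authors:
 - Oso Security, Inc.
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -94,7 +94,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '7.0'
-description:
+description:
 email:
 - support@osohq.com
 executables: []
@@ -119,7 +119,7 @@ homepage: https://www.osohq.com/
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -135,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.2.33
-signing_key:
+signing_key:
 specification_version: 4
 summary: Oso Cloud Ruby client
 test_files: []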